On Thu, Oct 30, 2014 at 09:54:57AM -0300, Net Warrior wrote:
I suspect that you do not want that. It would force every client to have a client-side X.509 certificate. Good for secure authentication, but more effort to manage than most people are prepared to handle.
Is it because of the certificate expiration or something like that that's hard to maintain?
Yes. It is worth considering though, provided you have a well-organised system for distributing and installing new client-side certificates. You will also need to make sure that the admin tools you use can work with client-side certs.
That is because you tried to add it to a database but it is a global option.
I added it to the global section cn=config and do not see it.
Odd. If you use ldapadd to do this then it should either work or return an error code.
Are you really using the BDB database? It has been deprecated for some time now. I would suggest using MDB.
Yes, my bad. After I went to production, I was told that backend was deprecated. Is there any doc on migrating from one backend to another, or should I reconfigure the whole database from scratch?
The safest approach is to slapcat each of your databases into LDIF files then configure new MDB databases and slapadd the data. You will find that loading MDB with slapadd -q is extremely fast.
Andrew
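
The slapcat / slapadd -q migration described above, sketched as an added example that is not part of the original message. The directory paths, the database numbers passed as arguments, and the function names are assumptions; the new configuration directory is assumed to already define the MDB databases under the same numbers.

```shell
#!/bin/sh
# Added example: plan a BDB -> MDB migration with slapcat and slapadd -q.
# All paths are assumptions; adjust them for your installation.
OLD_CONF=${OLD_CONF:-/etc/openldap/slapd.d}       # existing (BDB) config dir
NEW_CONF=${NEW_CONF:-/etc/openldap/slapd.d.mdb}   # config dir defining MDB databases
DUMP_DIR=${DUMP_DIR:-/var/backups/ldap-migrate}   # where the LDIF dumps are written

# Count entries in an LDIF file ("dn:" or base64-encoded "dn::" lines).
ldif_entries() {
    grep -c '^dn:' "$1" || true
}

# Succeed only if both dumps hold the same, non-zero number of entries.
# Use it to compare the original dump with a slapcat of the loaded MDB.
same_entry_count() {
    a=$(ldif_entries "$1")
    b=$(ldif_entries "$2")
    [ "$a" -gt 0 ] && [ "$a" -eq "$b" ]
}

# Print the ordered commands for the given database numbers.
migrate_plan() {
    # Dumps contain password hashes, so keep the directory private.
    echo "mkdir -p $DUMP_DIR && chmod 700 $DUMP_DIR"
    for n in "$@"; do
        echo "slapcat -F $OLD_CONF -n $n -l $DUMP_DIR/db$n.ldif"
    done
    echo "# stop slapd here: it must not be running during slapadd"
    for n in "$@"; do
        echo "slapadd -q -F $NEW_CONF -n $n -l $DUMP_DIR/db$n.ldif"
    done
}

# Print the plan when database numbers are given, e.g.: sh migrate.sh 1 2
if [ "$#" -gt 0 ]; then
    migrate_plan "$@"
fi
```

The script only prints the commands so they can be reviewed before anything touches the directory data.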